1 I spent some time today configuring [Postfix][] so I could send mail
2 from home via [[SMTPS|STMP]].
7 Verizon, our ISP, blocks port 25 to external domains, forcing all
8 outgoing mail through their `outgoing.verizon.net` exchange server.
9 In order to accept mail, they also require you authenticate with your
10 Verizon username and password, so I wanted to use an encrypted
13 For the purpose of this example, our Verizon username is `jdoe`, our
14 Verizon password is `YOURPASS`, you're running a local Postfix server
15 on `mail.example.com` for your site at `example.com`, and `12345` is a
18 # cat /etc/postfix/main.cf
19 myhostname = mail.example.com
20 relayhost = [127.0.0.1]:12345
21 smtp_generic_maps = regexp:/etc/postfix/generic
22 smtp_sasl_auth_enable = yes
23 smtp_sasl_password_maps = hash:/etc/postfix/saslpass
25 # cat /etc/postfix/generic
26 /^jdoe@(.*)$/ jdoe@example.com
27 /^root@(.*)$/ jdoe@example.com
28 # postmap /etc/postfix/generic
29 # cat /etc/postfix/saslpass
30 [127.0.0.1]:12345 jdoe@verizon.net:YOURPASS
31 # postmap /etc/postfix/saslpass
32 # cat /etc/stunnel/stunnel.conf
36 connect = outgoing.verizon.net:465
37 # /etc/init.d/stunnel restart
42 $ echo 'testing 1 2' | sendmail you@somewhere.com
44 Here's what's going on:
46 * You hand an outgoing message to your local Postfix, which decides to
47 send it via port `12345` on your localhost (`127.0.0.1`) ([relayhost][]).
48 * Stunnel picks up the connection from Postfix, encrypts everything,
49 and forwards the connection to port 465 on `outgoing.verizon.net`
51 * Postfix identifies itself as `mail.example.com` ([myhostname][]), and
52 authenticates using your Verizon credentials (`smtp_sasl_…`).
53 * Because Verizon is picky about the `From` addresses it will accept,
54 we use [smtp_generic_maps][] to map addresses to something simple
57 And that's it :p. If you're curious, there's more detail about all
58 the Postfix config options in the [postconf][] man page. You might
59 also want to look over the [SASL_README][] and
60 [ADDRESS_REWRITING_README][].
62 For the [generic][] mapping, I've used a [regexp table][regexp], that
63 way I don't have to map a bunch of possible original addresses by
64 hand. By using [smtp_generic_maps][] instead of [canonical_maps][],
65 we only remap addresses before they head off into the wider world. If
66 we used [canonical_maps][], we would remap all incoming mail, even
67 mail destined for local delivery.
69 There's also a [blog post by Tim White][TW] which I found useful.
70 Because Verizon lacks [STARTTLS][] support, his approach didn't work
71 for me out of the box.
76 In case you have trouble with someone blocking your incoming mail,
77 things are a bit trickier. You can always accept mail on different
78 ports (e.g. the submission port 587), with an entry like
80 submission inet n - n - - smtpd
82 in `/etc/postfix/master.cf`. However, others will not know which port
83 you selected, because [MX records][MX] do not allow you to specify
84 alternate ports. The more modern [SRV record][SRV] allows this, but
85 mail systems are old-school and don't support SRV. If you have access
86 to another external server (whose port 25 isn't blocked), you can
87 point your MX record at that server, and have it forward mail to you
90 For the purpose of this example, the remote host has a public IP of
91 `1.2.3.4`, and your local site is `example.com`, recieving mail on
92 port 587. All of the following config files are on the remote host.
94 # cat /etc/postfix/main.cf
96 proxy_interfaces = 1.2.3.4
97 relay_domains = example.com
98 relay_transport = relay:[example.com]:587
101 For futher details (e.g. if you are relaying to more than one target),
102 see the [Postfix suggestions for being an MX host for a remote
105 [Postfix]: http://www.postfix.org/
106 [relayhost]: http://www.postfix.org/postconf.5.html#relayhost
107 [myhostname]: http://www.postfix.org/postconf.5.html#myhostname
108 [smtp_generic_maps]: http://www.postfix.org/postconf.5.html#smtp_generic_maps
109 [postconf]: http://www.postfix.org/postconf.5.html
110 [SASL_README]: http://www.postfix.org/SASL_README.html
111 [ADDRESS_REWRITING_README]: http://www.postfix.org/ADDRESS_REWRITING_README.html
112 [generic]: http://www.postfix.org/generic.5.html
113 [regexp]: http://www.postfix.org/regexp_table.5.html
114 [canonical_maps]: http://www.postfix.org/postconf.5.html#canonical_maps
115 [TW]: http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/
116 [STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS
117 [MX]: http://en.wikipedia.org/wiki/MX_record
118 [SRV]: http://en.wikipedia.org/wiki/SRV_record
119 [relay_domains]: http://www.postfix.org/postconf.5.html#relay_domains
120 [host]: http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup